Brian Dye, Symantec's senior vice president for information security, caused a lot of virtual ink to be spilled when he told the Wall Street Journal that antivirus "is dead. We don't think of antivirus as a moneymaker in any way." According to Dye, traditional signature-based antivirus catches only about 45% of attacks. Eeva Haaramo points out on ZDNet that this is not news. Symantec's endpoint protection products (as well as those of their competitors) already look for suspicious behavior that may come from previously unseen malware, and they also bundle a local firewall, spam protection, and other features beyond signature scanning.
If you want to see the scope of the feeding frenzy, enter "symantec antivirus is dead" into your favorite search engine. A lot of writers dwell a bit on the irony of this statement coming from the company that essentially invented the industry.
Symantec has clarified things a bit with a pair of video interviews with Brian Dye from their recent Vision conference. Dye says what should have been obvious from the start: signature-based antivirus hasn't been a complete solution for some time, but it is one component of defense in depth that also includes things like an endpoint firewall, behavioral heuristics, and so on. This has been the strategy of Symantec and every other major AV player for years.
So why use signature-based AV at all? Because it is cheap and precise at catching what it knows: an exact match costs almost nothing and rarely produces a false positive, which leaves your heuristics more cycles to spend on the files that don't match anything. Also, anything detected by signature is already an identified threat. You know what it is, what it does, and how to clean it up, which calls for a different response than an unknown file that merely looks suspicious.
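The layering described above, as an added illustration that is not from the original post or from any vendor's product: a cheap exact-match signature layer runs first and returns a named family when it hits, and only files that miss fall through to a more expensive heuristic layer (suspicious strings plus a byte-entropy check that flags packed or encrypted payloads). A SHA-256 hash stands in for a real signature here, and every sample, family name, string list and weight is constructed for the example. The variant sample shows the classic failure of signatures alone: one changed byte defeats the hash, and it is the heuristic layer that still catches it.

```python
import hashlib
import math
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample "files" for this example. None of these is real malware.
KNOWN_SAMPLE = b"MZ\x90\x00" + b"VirtualAlloc\x00" + b"powershell -enc SQBFAFgA\x00"
VARIANT_SAMPLE = KNOWN_SAMPLE.replace(b"\x90", b"\x91")  # one byte differs: new hash
PACKED_SAMPLE = b"MZ" + bytes(range(256)) * 16            # near-8.0 bits/byte, no strings
BENIGN_SAMPLE = b"Quarterly report: revenue up 3%, headcount flat.\n"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Signature database: exact hash -> family name (constructed; a hash stands in for
# the byte-pattern signatures a real engine would use).
SIGNATURES = {sha256_hex(KNOWN_SAMPLE): "Example.Dropper.A"}

# Heuristic indicators and weights (constructed for illustration).
SUSPICIOUS_STRINGS = {
    b"powershell -enc": 0.3,
    b"cmd.exe /c": 0.3,
    b"VirtualAlloc": 0.3,
    b"WScript.Shell": 0.3,
}
ENTROPY_THRESHOLD = 7.0     # bits/byte; packed or encrypted payloads sit near 8.0
ENTROPY_WEIGHT = 0.5
HEURISTIC_THRESHOLD = 0.5   # score at or above this is quarantined


@dataclass
class Verdict:
    layer: str                 # "signature", "heuristic" or "clean"
    name: Optional[str]        # family name, only known for signature hits
    score: float
    reasons: List[str] = field(default_factory=list)
    action: str = ""


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the data; 0.0 for a single repeated value, 8.0 for uniform."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def heuristic_score(data: bytes):
    """Second, more expensive layer: scan for indicator strings and high entropy."""
    score, reasons = 0.0, []
    for needle, weight in SUSPICIOUS_STRINGS.items():
        if needle in data:
            score += weight
            reasons.append("string:" + needle.decode("ascii"))
    ent = shannon_entropy(data)
    if ent > ENTROPY_THRESHOLD:
        score += ENTROPY_WEIGHT
        reasons.append("entropy:%.2f" % ent)
    return min(score, 1.0), reasons


def scan(data: bytes) -> Verdict:
    """Signature first (cheap, identifies the threat); heuristics only on a miss."""
    name = SIGNATURES.get(sha256_hex(data))
    if name is not None:
        return Verdict("signature", name, 1.0, ["hash match"],
                       "block; known family, run its cleanup playbook")
    score, reasons = heuristic_score(data)
    if score >= HEURISTIC_THRESHOLD:
        return Verdict("heuristic", None, score, reasons,
                       "quarantine; unknown, submit sample for analysis")
    return Verdict("clean", None, score, reasons, "allow")


if __name__ == "__main__":
    for label, sample in [("known", KNOWN_SAMPLE), ("variant", VARIANT_SAMPLE),
                          ("packed", PACKED_SAMPLE), ("benign", BENIGN_SAMPLE)]:
        v = scan(sample)
        print("%-8s %-10s %-18s %.2f %s -> %s" % (label, v.layer, v.name, v.score, v.reasons, v.action))
```

Note the asymmetry in the two responses: the signature hit comes back with a name, so the operator already knows the family's persistence and cleanup steps; the heuristic hit only says "this looks wrong" and has to go to analysis before anyone knows what it is. That difference in what you know is the second reason the signature layer earns its place, independent of how many samples it catches.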
This is one of those stories that got a lot more hype than it deserved, largely because of the optics of who said it. Don't get rid of your AV; just make sure it's one layer of a comprehensive endpoint protection strategy rather than the whole of it.
As Mark Twain wrote in The New York Journal when newspapers incorrectly reported that he was ill or dead, "the report of my death was an exaggeration."
About Andy Sherman
Andy Sherman, Eden Technologies’ security practice lead has a PhD in physics from Rensselaer Polytechnic Institute and started his career in the academic world. He then went to AT&T Bell Laboratories where he discovered the power – and hazards – of large distributed computer networks. It was also at Bell Labs, during the early days of the Internet, that Andy became interested in the security problems associated with public networks. From Bell Labs Andy moved to the financial services industry. There he worked on a large range of infrastructure design, deployment, and management projects, but is best known for his 15+ years in information and technology security.